Discussion:
[NF] An email was sent using my yahoo address book, but no virus found.
Michael Madigan
2010-01-07 04:24:41 UTC
The contacts on my yahoo address book received an email from me at 9:00 AM today with a spam link on it. I'm guessing it was from a virus that read my address book. The problem is that none of the anti-virus and anti-malware software programs are reporting any viruses on my system.

Does anyone have any ideas what happened here?
Pete Theisen
2010-01-07 05:06:42 UTC
Post by Michael Madigan
The contacts on my yahoo address book received an email from me at
9:00 AM today with a spam link on it. I'm guessing it was from a
virus that read my address book. The problem is that none of the
anti-virus and anti-malware software programs are reporting any
viruses on my system.
Does anyone have any ideas what happened here?
Hi Michael,

The buggers are getting desperate. They creep into your house while you
are asleep or out and email your whole list, then slip away undetected.
--
Regards,

Pete
http://pete-theisen.com/
http://elect-pete-theisen.com/
Gene Wirchenko
2010-01-07 21:49:26 UTC
Post by Pete Theisen
Post by Michael Madigan
The contacts on my yahoo address book received an email from me at
9:00 AM today with a spam link on it. I'm guessing it was from a
virus that read my address book. The problem is that none of the
anti-virus and anti-malware software programs are reporting any
viruses on my system.
Does anyone have any ideas what happened here?
The buggers are getting desperate. They creep into your house while you
are asleep or out and email your whole list, then slip away undetected.
A mere riff on
http://xkcd.com/666/

Sincerely,

Gene Wirchenko
Alan Bourke
2010-01-07 09:29:24 UTC
I would guess that another person, who has a similar contacts list and
who also has your Yahoo email address in their Outlook contacts has
contracted a nasty. This nasty has then sent out emails and spoofed the
'From' address to be your Yahoo address.
--
Alan Bourke
alanpbourke (at) fastmail (dot) fm
Michael Madigan
2010-01-08 01:03:18 UTC
No, it's definitely my list.
Subject: Re: [NF] An email was sent using my yahoo address book, but no virus found.
Date: Thursday, January 7, 2010, 4:29 AM
I would guess that another person, who has a similar contacts list and
who also has your Yahoo email address in their Outlook contacts has
contracted a nasty. This nasty has then sent out emails and spoofed the
'From' address to be your Yahoo address.
--
  Alan Bourke
  alanpbourke (at) fastmail (dot) fm
_______________________________________________
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
** All postings, unless explicitly stated otherwise, are
the opinions of the author, and do not constitute legal or
medical advice. This statement is added to the messages for
those lawyers who are too stupid to see the obvious.
Frank Cazabon
2010-01-07 10:36:45 UTC
Just in case someone has hacked your account, I would change your password.

Frank.

Frank Cazabon
Samaan Systems Ltd. - Developing Solutions
www.SamaanSystems.com/

Referrals are important to us.
If you know of anyone who would benefit from our services, please contact me. We would appreciate the opportunity to work with them.
Post by Michael Madigan
The contacts on my yahoo address book received an email from me at 9:00 AM today with a spam link on it. I'm guessing it was from a virus that read my address book. The problem is that none of the anti-virus and anti-malware software programs are reporting any viruses on my system.
Does anyone have any ideas what happened here?
[excessive quoting removed by server]
Jean Laeremans
2010-01-07 10:42:47 UTC
Post by Frank Cazabon
Just in case someone has hacked your account, I would change your password.
Frank.
So you're the one....;)

A+
jml
Frank Cazabon
2010-01-07 10:49:30 UTC
LOL, you got me ;)

Frank.

Frank Cazabon
Samaan Systems Ltd. - Developing Solutions
www.SamaanSystems.com/

Referrals are important to us.
If you know of anyone who would benefit from our services, please contact me. We would appreciate the opportunity to work with them.
Post by Jean Laeremans
Post by Frank Cazabon
Just in case someone has hacked your account, I would change your password.
Frank.
So you're the one....;)
A+
jml
[excessive quoting removed by server]
Michael Madigan
2010-01-08 01:03:41 UTC
I did that, thanks.
Subject: Re: [NF] An email was sent using my yahoo address book, but no virus found.
Date: Thursday, January 7, 2010, 5:36 AM
Just in case someone has hacked your
account, I would change your password.
Frank.
a***@abac.com
2010-01-07 13:32:44 UTC
Michael:

Changing your password seems a good idea. But if you still think there
is something locally, try using Avast Free Edition. About a year ago my
billing computer got a virus reading my email. Norton Internet Security
detected the virus and "removed" it, and after the cleanup it was so slow that
it was useless, so I bought a new one, installed the program and my data and
continued my work.

About 2 months ago, the motherboard of another of my computers died. I
didn't have the money to buy a new one or another motherboard, nor
the time to reinstall everything. I ended up installing on the slow
computer as is. Then I tried several antivirus programs on the market, online
scans and free antivirus; the last one used was Avast, which I installed
without uninstalling Norton.

The initial Avast scan didn't find anything, and I didn't have the
time to uninstall it at that moment. About 30 minutes later I went to
the computer to uninstall Avast and try something else, but there was a
message on the screen saying it found a virus and asking if I wanted to
remove it and restart the computer. Since I didn't have anything
to lose, I clicked Yes. The computer restarted and is working like a
new computer. You bet I removed Norton and still have Avast
on that computer.

AiR
Aida I. Rivera-Benítez, MSMIS
AiR Information Systems, Inc.
San Juan, Puerto Rico
Michael Madigan
2010-01-08 01:09:40 UTC
Thanks Juan.

Here's what I've done so far

I have AVG free running all the time

I have Spybot search and destroy running all the time.

I ran a spybot manual scan and it found nothing.

I ran an AVG scan and it found nothing.

I downloaded Malwarebytes anti-malware software and it found like 20 items (not cookies). That's a giant difference between nothing and 20.

So now I'll see if that fixed the problem.

As in the past, it doesn't seem like you can ever rely on just one scanner.

Thanks,

Mike
Nicholas Geti
2010-01-08 02:48:50 UTC
Run COMBOFIX
It is extremely accurate at finding root kits and the like which load before
Windows starts.

Michael Madigan
2010-01-08 07:40:13 UTC
Thanks Nick.

Would blocking port 25 help me?  I never use smtp to send mail. 

Nicholas Geti
2010-01-08 18:00:52 UTC
All my emails go out at SMTP on port 25. That is a given by my ISP. Don't
see how blocking it would help you except prevent any emails from going out.


Michael Madigan
2010-01-08 15:32:57 UTC
It sent another batch of emails earlier this morning. It is using old email addresses that I've already changed or deleted in my address book.

So, it looks like the initial harvesting was sent to an outside server and bulk sending mail once a day.

It looks like the only way people are going to be able to stop it is by blocking my email address.

Great.
Stephen Russell
2010-01-08 15:40:48 UTC
It sent another batch of emails earlier this morning.  It is using old email addresses that I've already changed or deleted in my address book.
So, it looks like the initial harvesting was sent to an outside server and bulk sending mail once a day.
It looks like the only way people are going to be able to stop it is by blocking my email address.
----------------------------

Kaspersky will stop the inbound disaster from anyone. The more I use
it the better I feel about the product. Every day it brags on how many
stupid threats it neutralized, and I like it boasting about itself.

I still say that from an old email that is where all those addys were
harvested. Not a hack into Yahoo.

Now if your friends got the "Help me I am stuck in ..... and I need
money" email then you were hacked at Yahoo.
--
Stephen Russell
Sr. Production Systems Programmer
SQL Server DBA
Web and Winform Development
Independent Contractor
Memphis TN

901.246-0159
Pete Theisen
2010-01-08 15:56:28 UTC
Post by Stephen Russell
Post by Michael Madigan
It sent another batch of emails earlier this morning. It is using old email addresses that I've already changed or deleted in my address book.
So, it looks like the initial harvesting was sent to an outside server and bulk sending mail once a day.
It looks like the only way people are going to be able to stop it is by blocking my email address.
Kaspersky will stop the inbound disaster from anyone. The more I use
it the better I feel about the product. Everyday it brags on how many
stupid threats it neutralized, and I like it boasting about itself.
I still say that from an old email that is where all those addys were
harvested. Not a hack into Yahoo.
Now if your friends got the "Help me I am stuck in ..... and I need
money " email then you were hacked at Yahoo.
Hi Stephen,

People who know Michael will not be fooled into thinking he is stuck in
any of the usual places, or that he needs money, LOL.
--
Regards,

Pete
http://pete-theisen.com/
http://elect-pete-theisen.com/
Michael Madigan
2010-01-08 16:10:12 UTC
I'm getting emails from my idiot friends who believe I am sending them Viagra ads.

IDIOTS!
Pete Theisen
2010-01-08 19:12:42 UTC
Post by Michael Madigan
I'm emails from my idiot friends who believe I am sending them
Viagara ads.
IDIOTS!
Hi Michael,

I don't need any Viagra right now, but if you can get me a deal on
Medicare Part D . . .
--
Regards,

Pete
http://pete-theisen.com/
http://elect-pete-theisen.com/
Michael Madigan
2010-01-08 16:07:54 UTC
No, because it was from people I hadn't sent emails in years to. Every email was sent. I even had a maxemail email to fax address. So now I get charged 5 cents a day for a spam email that's getting faxed.
Subject: Re: [NF] An email was sent using my yahoo address book, but no virus found.
Date: Friday, January 8, 2010, 10:40 AM
On Fri, Jan 8, 2010 at 9:32 AM,
Post by Michael Madigan
It sent another batch of emails earlier this morning. It is using old email addresses that I've already changed or deleted in my address book.
So, it looks like the initial harvesting was sent to an outside server and bulk sending mail once a day.
It looks like the only way people are going to be able to stop it is by blocking my email address.
----------------------------
Kaspersky will stop the inbound disaster from anyone. The more I use
it the better I feel about the product. Everyday it brags on how many
stupid threats it neutralized, and I like it boasting about itself.
I still say that from an old email that is where all those addys were
harvested. Not a hack into Yahoo.
Now if your friends got the "Help me I am stuck in ..... and I need
money " email then you were hacked at Yahoo.
--
Stephen Russell
Sr. Production Systems Programmer
SQL Server DBA
Web and Winform Development
Independent Contractor
Memphis TN
901.246-0159
Nicholas Geti
2010-01-08 18:02:54 UTC
Too bad Kaspersky doesn't brag about the viruses it misses.


----- Original Message -----
From: "Stephen Russell" <***@gmail.com>
To: "ProFox Email List" <***@leafe.com>
Sent: Friday, January 08, 2010 10:40 AM
Subject: Re: [NF] An email was sent using my yahoo address book, but no
virus found.
It sent another batch of emails earlier this morning. It is using old
email addresses that I've already changed or deleted in my address book.
So, it looks like the initial harvesting was sent to an outside server and
bulk sending mail once a day.
It looks like the only way people are going to be able to stop it is by
blocking my email address.
----------------------------

Kaspersky will stop the inbound disaster from anyone. The more I use
it the better I feel about the product. Everyday it brags on how many
stupid threats it neutralized, and I like it boasting about itself.

.
Stephen Russell
2010-01-08 18:23:32 UTC
Post by Nicholas Geti
Too bad Kaspersky doesn't brag about the viruses it misses.
---------------------------------------

OK, what virus intrusions are you talking about?

It finds rootkits, it finds keyloggers, it finds crud in html in
inbound email, as well as crud in attachments.
--
Stephen Russell
Sr. Production Systems Programmer
SQL Server DBA
Web and Winform Development
Independent Contractor
Memphis TN

901.246-0159
Nicholas Geti
2010-01-09 03:12:23 UTC
So does combofix but it gets all of them. I have 400 to 500 clients that
have come in for computer repairs. In the past three years only two came in
and had Kaspersky installed. They were infected. Combofix found the rootkits
and restored the PCs. I don't recall the specific rootkit names; they change
names every day anyway so it doesn't matter.

I think they started as rogue programs which are not blocked by any
antivirus.

Michael Madigan
2010-01-09 18:32:02 UTC
Thanks for the tip, Nick.

I left my computer off last night and sure enough when I turned it on, the emails were sent.

I ran Combofix and it found a couple possible items that it deleted. It also deleted my known copy of blat.exe.

The emails are still sending from the original harvest and not from my current email address book, so I'm guessing that the password change stopped that.

Time will tell tomorrow if any more go out.

I have port 25 blocked on my router now, does anyone else know what other ports spam bots are sending out of?

Zonealarm isn't picking up any activity going out, so the whole thing is really strange.
Alan Bourke
2010-01-10 10:48:12 UTC
I've used Trinity Rescue Kit in the past
(http://trinityhome.org/Home/index.php?wpid=1&front_id=12)

It's a free bootable Linux CD with a bunch of tools for scanning Windows
partitions, including AV and rootkit scanners. It *should* pick up your
internet settings but you might have to enter gateway IP yourself. It
needs that for updating the AV signatures.
--
Alan Bourke
alanpbourke (at) fastmail (dot) fm
Michael Madigan
2010-01-10 18:00:08 UTC
It looks like combofix may have fixed the problem. There was no spam sent in my name since the last time, over 24 hours.
Pete Theisen
2010-01-10 22:06:38 UTC
Post by Michael Madigan
It looks like combofix may have fixed the problem. There was no spam
sent in my name since the last time, over 24 hours.
Hi Michael,

They don't work weekends, LOL.
--
Regards,

Pete
http://pete-theisen.com/
http://elect-pete-theisen.com/
Nicholas Geti
2010-01-11 03:08:15 UTC
That package is incredibly powerful. It has worked every time for me.
However, you should run Malwarebytes and Spybot afterwards. Then run
combofix again.


----- Original Message -----
From: "Michael Madigan" <***@yahoo.com>
To: "ProFox Email List" <***@leafe.com>
Sent: Sunday, January 10, 2010 1:00 PM
Subject: Re: [NF] An email was sent using my yahoo address book,but no virus
found.
Post by Michael Madigan
It looks like combofix may have fixed the problem. There was no spam sent
in my name since the last time, over 24 hours.
[excessive quoting removed by server]
Bill Arnold
2010-01-11 04:58:15 UTC
Jim,

Here's another note on the subject of "attacks" just received. Everyone has
their own combination of what works. It's a freaking career.

And then tomorrow the mouse types a few lines to change the code, and the
cycle repeats.


Bill
-----Original Message-----
Sent: Sunday, January 10, 2010 10:08 PM
Subject: Re: [NF] An email was sent using my yahoo address
book,but no virusfound.
That package is incredibly powerful. It has worked every time for me.
However, you should run Malwarebytes and Spybot afterwards. Then run
combofix again.
----- Original Message -----
Sent: Sunday, January 10, 2010 1:00 PM
Subject: Re: [NF] An email was sent using my yahoo address
book,but no virus
found.
Post by Michael Madigan
It looks like combofix may have fixed the problem. There
was no spam sent
Post by Michael Madigan
in my name since the last time, over 24 hours.
[excessive quoting removed by server]
Michael Madigan
2010-01-11 05:14:22 UTC
Permalink
It's a never-ending battle.
_______________________________________________
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
** All postings, unless explicitly stated otherwise, are
the opinions of the author, and do not constitute legal or
medical advice. This statement is added to the messages for
those lawyers who are too stupid to see the obvious.
Bill Arnold
2010-01-11 07:26:40 UTC
Permalink
I'm having a discussion with one of my brothers (who that was intended for -
he had his own list) in the aftermath of recovering a machine that was
recently attacked like a lightning bolt.

I'm using MS Security Essentials, because I believe it's MS's job to protect
Windows from these attacks (and why are they still called "viruses"
anyway?). As it happened, MS Security Essentials did stop it on re-boot, so
kudos for that. Of course the machine is now compromised, and I would regard
it as that no matter how many "a/v" programs I run, until I rebuild it
(again). I'm a small operation and I'm struggling to keep things as simple
as possible, but I'm thinking I need to either brush off Norton Ghost (which
I abandoned after it failed me ... It wants .NET 2.0 and higher, but I needed
to use a C compiler that required .NET 1.1, so I installed .NET 1.1 for it
(insert other steps, but basically restored back to .NET 2.0 after doing C
work) - but it turned out that these changes permanently broke Ghost's
ability to read any of its own backups in my library. So much for Ghost, for
the while anyway)

Considering VMWARE Workstation, which can create a succession of 'images' of
the OS that can be restored from. I never liked the fact that it requires a
host OS to run on, which makes the active OS a 3rd layer. Assuming I can
live with it (as the price of useful protection), I'm wondering if the host OS
(for VMWARE) is vulnerable to attack. I read one post saying "no - if you do
not share common OS files", which is encouraging, but it seems other people
believe otherwise, so the real answer isn't clear. This approach would be
useless if the base OS can be attacked.

I don't think this was a drive-by. It's software running IP ranges, probably
24x7. And there's more than 1 group of these bastards out there. It's even
possible to write programs that generate unique programs that do the same
thing, so the number of attackers and machines compromised must already be
in the stratosphere. They know, as we do, that they don't have to put
something on the screen when they attack - that's just taunting us - once
they've got control they can do anything they want to, and the possibilities
are seemingly endless.

It has crossed my mind that there's gold in being able to "protect and recover"
machines, but I want no part of any of it. The solution is to fix the
problem at its root, which is serious gov't pressure on MS and the ISPs,
and tracking down the bastards behind it. Considering the scale of it, and
the trajectory, this is a really big thing. Yet it seems not to be
registering anywhere.

I hate to suggest that the Internet be controlled, but to a large extent it
already is. For example, I've no doubt that the CIA/FBI/KGB/et al know
exactly how to pinpoint the source and target of any traffic sent over the
net.


Bill
Alan Bourke
2010-01-11 10:37:38 UTC
Permalink
On Mon, 11 Jan 2010 02:26 -0500, "Bill Arnold"
Post by Bill Arnold
and why are they still called "viruses"
Because most people don't know what the term 'virus' actually means in
an IT context, and use it incorrectly to refer to security flaws,
trojans, worms, diallers, backdoors, rootkits, spyware, adware and
whatever else you're having.
--
Alan Bourke
alanpbourke (at) fastmail (dot) fm
Bill Arnold
2010-01-11 20:53:13 UTC
Permalink
Alan,
Post by Bill Arnold
and why are they still called "viruses"
Because most people don't know what the term 'virus' actually means in an IT
context, and use it incorrectly to refer to security flaws, trojans, worms,
diallers, backdoors, rootkits, spyware, adware and whatever else you're
having.

--------------------------------

If they were properly called "attacks" - which is any unwanted action taken
on our equipment by an attacker - from the beginning, might they have gotten
a different type of attention? I think so.

A virus is something that occurs in nature, thus using the word virus for
these things associates it with nature, as in "I caught a virus", which
people are used to and tend to accept. Of course there is NOTHING about them
that is natural and they aren't "caught" at all, they occur as a result of
deliberate and destructive actions taken by evil people. But the "nature"
association prevents people (to an important degree, I believe) from
properly associating these actions with the evil people who perpetrate them,
and consequently taking appropriate action to stop them.

This is one of the Big Lies we live with that distort our perception of the
world.


Bill
--
Alan Bourke
alanpbourke (at) fastmail (dot) fm


[excessive quoting removed by server]
Alan Bourke
2010-01-12 10:07:55 UTC
Permalink
On Mon, 11 Jan 2010 15:53 -0500, "Bill Arnold"
Post by Bill Arnold
Alan,
A virus is something that occurs in nature, thus using the word virus for
these things associates it with nature, as in "I caught a virus", which
people are used to and tend to accept. Of course there is NOTHING about them
that is natural and they aren't "caught" at all, they occur as a result of
deliberate and destructive actions taken by evil people. But the "nature"
association prevents people (to an important degree, I believe) from
properly associating these actions with the evil people who perpetrate them,
and consequently taking appropriate action to stop them.
That's a good point - most non-tech people I know would shrug at an
attack by a virus or other malware unless it was actively hampering what
they were doing. There's nothing natural about viruses in the IT sense
apart from the fact that a classic computer virus has a lot of
similarities with biological viruses in how it infects and propagates.
--
Alan Bourke
alanpbourke (at) fastmail (dot) fm
Leland F. Jackson, CPA
2010-01-11 17:34:20 UTC
Permalink
Post by Bill Arnold
I'm having a discussion with one of my brothers (who that was intended for -
he had his own list) in the aftermath of recovering a machine that was
recently attacked like a lightning bolt.
I'm using MS Security Essentials, because I believe it's MS's job to protect
Windows from these attacks (and why are they still called "viruses"
anyway?). As it happened, MS Security Essentials did stop it on re-boot, so
kudos for that. Of course the machine is now compromised, and I would regard
it as that no matter how many "a/v" programs I run, until I rebuild it
(again). I'm a small operation and I'm struggling to keep things as simple
as possible, but I'm thinking I need to either brush off Norton Ghost (which
I abandoned after it failed me ... It wants .NET 2.0 and higher, but I needed
to use a C compiler that required .NET 1.1, so I installed .NET 1.1 for it
(insert other steps, but basically restored back to .NET 2.0 after doing C
work) - but it turned out that these changes permanently broke Ghost's
ability to read any of its own backups in my library. So much for Ghost, for
the while anyway)
Considering VMWARE Workstation, which can create a succession of 'images' of
the OS that can be restored from. I never liked the fact that it requires a
host OS to run on, which makes the active OS a 3rd layer. Assuming I can
live with it (as the price of useful protection), I'm wondering if the host OS
(for VMWARE) is vulnerable to attack. I read one post saying "no - if you do
not share common OS files", which is encouraging, but it seems other people
believe otherwise, so the real answer isn't clear. This approach would be
useless if the base OS can be attacked.
I've had good luck running Sun's Virtualbox. I switched to
Virtualbox after using VMWARE Workstation for a number of
years. The joker in my deck of cards right now is Oracle's
acquisition of Sun, and what effect that might have on
products previously owned by Sun, like MySQL, and
Virtualbox. I use PostgreSQL as my database, so I'm not so
worried about MySQL's fate.

I host Virtualbox in Linux (e.g. Fedora 11), and I have
SELinux enabled. I run XP Pro as a guest OS of Virtualbox,
but I only use XP Pro as necessary. I don't allow XP Pro to
be used to browse the internet or run any email clients.
All browsing of the internet and email clients are run in
the home directory of the user (e.g. Firefox, Thunderbird,
Squirrelmail, etc.) in Fedora. This limits exposure to
viruses, malware, spyware, etc. in Windows XP Pro, where such
dangerous apps are so prevalent.

Since each VM running in Virtualbox is self-contained within
its own folder, it's easy to back up. All you need to do is
copy and paste the folder. Also, you could clone an OS and
use the clone as a backup that could eventually become the
primary OS in an emergency, and Virtualbox also supports
snapshots.

Since the apps that expose me to the majority of risk from
attack from the internet are running under Linux with the
protection of SELinux, my Linux and XP Pro OS(s) are both
pretty well protected.

Still I'm running a virus scanner in Fedora called "Clamtk
4.10" to scan anything downloaded from the internet, before
I install or run the downloads. I think it would be a good
idea to have software in place to protect any Windows OS,
even when running the Windows OS within a VM; although, I'm
not currently doing so.

The disadvantage of this approach is the learning curve for
those who have little or no exposure to the Linux OS.

Regards,

LelandJ
Bill Arnold
2010-01-11 21:27:54 UTC
Permalink
Leland,

I get what you're saying, but all of the products I use are standard and
popular Windows apps, deliberately so because they are the apps my customers
are most likely to use, not necessarily because I myself prefer them.

I do appreciate the usefulness of Linux for servers, and in fact do use it
on the server side, but I think it's going to be some time before Linux
replaces Windows on our customers' desktops. Thus I'm reluctant to go any
further with it at this time.
From this standpoint, I'm thinking a minimal but effective VM solution is
all I need. You don't mention why you moved from VMWare Workstation?

I realize this matter, these attacks, are bigger than any one of us, so
whatever I say or do isn't going to matter. This problem isn't even going to
be stood up to until a whole lot of people decide to take action. One useful
step is to stop calling them something they aren't.


Bill



Leland F. Jackson, CPA
2010-01-11 23:10:28 UTC
Permalink
Post by Bill Arnold
You don't mention why you moved from VMWare Workstation?
VMWare Workstation is a good product, but Virtualbox gives
me everything VMWare Workstation did, and Virtualbox is more
open (e.g. free), while VMWare Workstation is more
proprietary. All I had to do to get Virtualbox going was
register my copy with Sun.

Virtualbox seemed to be more responsive than VMware
Workstation, at least at the time I tested and switched to
Virtualbox. At that time I was running VMware Workstation
4.5.9, and was having trouble with it, because it was no
longer being supported by the patches needed to work with the
latest version (e.g. libraries) of Linux, so I moved to
Virtualbox. The alternative was to buy a license from
VMware for version 5 and version 6 was coming up fast. I
didn't need the VMware Workstation upgrades, because I
didn't have any plans on moving to Vista or Windows 7, so
buying the upgrades was just another expense that didn't
really buy me anything.

Virtualbox handles Vista and Windows 7 just fine, if I
decide I want to move to them, and Sun has been doing a good
job of keeping Virtualbox up to date. Also, Sun had the
muscle and talent to really take care of business, like they
have with other software products like Java, NetBeans,
Glassfish, MySQL, PostgreSQL, OpenOffice.org, OpenSolaris, etc.

I don't know what the Oracle acquisition of Sun is going to
do to Sun's products, but Oracle has come out with a
statement to the effect they are not going to compete in the
low end space with outfits like HP, Dell, and Gateway.
Oracle is going big, so I suppose they will focus on
competing with the likes of IBM. Sun was big into both
hardware and software. It will be interesting to see where
Oracle takes the acquired Sun product line.

Regards,

LelandJ
Bill Arnold
2010-01-12 02:43:49 UTC
Permalink
Thanks for good info, Leland.

I understand what you've done and why. I'm resigned that there isn't any
easy way to deal with this problem. I guess I'll ponder what to do for a
while. For the moment MS Security Essentials appears to be doing its job,
but I'm going to have to rebuild the machine regardless. Each time I go
through the drill I improve the procedure, so it's hours, not days.

I'm using MySQL more and more these days, so I'm interested in what happens
with it, but don't see it going away anytime soon. I'm guessing we'll wind
up paying a license fee.

A heads up for anyone who may not be aware of this: some of these attackers
also change HTML files on the attacked machine by inserting a line at the
bottom. I expect the line(s) vary between attacks, but the basic idea is
obvious. And to be sure, this is just another step in a progression that's
got to be squished before the net is rendered useless (their obvious goal).


Bill
[excessive quoting removed by server]
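A way to check for the tampering described in the heads-up above (a line inserted at the bottom of HTML files), given here as an added example that is not part of any post in this thread. The sample pages, the `injected.example.invalid` host and all function names are constructed for illustration; the baseline copy is assumed to come from a known-good backup.

```python
import difflib
import re
from html.parser import HTMLParser

# Constructed sample pages (not taken from any real incident).
CLEAN = """<html>
<head><title>Parts list</title></head>
<body>
<p>Shop inventory</p>
</body>
</html>
"""
# Case 1: one line appended after the closing </html> tag.
TAMPERED_TAIL = CLEAN + (
    '<iframe src="http://injected.example.invalid/x" width="0" height="0"></iframe>\n'
)
# Case 2: one line slipped in just above </body>.
TAMPERED_BODY = CLEAN.replace(
    "</body>",
    '<script src="http://injected.example.invalid/a.js"></script>\n</body>',
)

CLOSE_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
WATCHED_TAGS = {"script", "iframe", "object", "embed"}


class TagCollector(HTMLParser):
    """Records start tags that load or frame other content."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in WATCHED_TAGS:
            self.found.append(tag)


def active_tags(fragment):
    """Return the watched tag names that appear in an HTML fragment."""
    parser = TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.found


def trailing_after_close(html):
    """Return non-whitespace text after the last </html>, or '' if none."""
    matches = list(CLOSE_HTML.finditer(html))
    if not matches:
        return ""
    return html[matches[-1].end():].strip()


def added_lines_near_bottom(baseline, current, window=5):
    """List (line_number, text) for lines that are new relative to the
    baseline and fall within the last `window` lines of the current file."""
    base_lines = baseline.splitlines()
    cur_lines = current.splitlines()
    matcher = difflib.SequenceMatcher(a=base_lines, b=cur_lines, autojunk=False)
    cutoff = len(cur_lines) - window
    added = []
    for op, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if op in ("insert", "replace"):
            added.extend((j + 1, cur_lines[j]) for j in range(j1, j2) if j >= cutoff)
    return added


def inspect_html(current, baseline=None, window=5):
    """Return findings for one file. Without a baseline only content after
    </html> can be seen; with one, any new line near the bottom is reported."""
    findings = []
    if baseline is not None:
        for lineno, line in added_lines_near_bottom(baseline, current, window):
            findings.append({"kind": "added_line", "line": lineno,
                             "text": line.strip(), "tags": active_tags(line)})
    else:
        tail = trailing_after_close(current)
        if tail:
            findings.append({"kind": "after_close_html", "line": None,
                             "text": tail, "tags": active_tags(tail)})
    return findings


if __name__ == "__main__":
    for name, page in (("tail", TAMPERED_TAIL), ("body", TAMPERED_BODY)):
        print(name, "no baseline:", inspect_html(page))
        print(name, "with baseline:", inspect_html(page, baseline=CLEAN))
```

The second sample is reported only when a baseline is supplied, which is why keeping a known-good copy of the site's files matters more than any pattern match on the tampered file alone.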
Leland F. Jackson, CPA
2010-01-12 03:33:16 UTC
Permalink
Post by Bill Arnold
Thanks for good info, Leland.
I understand what you've done and why. I'm resigned that there isn't any
easy way to deal with this problem. I guess I'll ponder what to do for a
while. For the moment MS Security Essentials appears to be doing its job,
but I'm going to have to rebuild the machine regardless. Each time I go
through the drill I improve the procedure, so it's hours, not days.
I'm using MySQL more and more these days, so I'm interested in what happens
with it, but don't see it going away anytime soon. I'm guessing we'll wind
up paying a license fee.
MySQL was originally offered under an open GPL license.
Later it was offered under a dual license, just like
Virtualbox is currently offered under a dual license by Sun.

Any code that was once released under the GPL cannot be
"closed" again. The license that Sun has granted you with
the GPL is perpetual and cannot be taken back. Even if Sun
were to change the license again, or Oracle for that matter,
this could only affect future versions, and anybody would
still be permitted to redistribute the existing MySQL code
under the terms of the original GPL.

Regards,

LelandJ
Leland F. Jackson, CPA
2010-01-11 17:59:08 UTC
Permalink
Below is a link to a Virtualbox download page:

http://download.virtualbox.org/virtualbox/vboxdownload.html

Regards,

LelandJ
Post by Bill Arnold
I'm having a discussion with one of my brothers (who that was intended for -
he had his own list) in the aftermath of recovering a machine that was
recently attacked like a lightning bolt.
I'm using MS Security Essentials, because I believe it's MS's job to protect
Windows from these attacks (and why are they still called "viruses"
anyway?). As it happened, MS Security Essentials did stop it on re-boot, so
kudos for that. Of course the machine is now compromised, and I would regard
it as that no matter how many "a/v" programs I run, until I rebuild it
(again). I'm a small operation and I'm struggling to keep things as simple
as possible, but I'm thinking I need to either brush off Norton Ghost (which
I abandoned after it failed me ... It wants Net 2.0 and higher, but I needed
to use a C compiler that required Net 1.1, so I installed .NET 1.1 for it
(insert other steps, but basically restored back to .NET 2.0 after doing C
work) - but it turned out that these changes permanently broke Ghost's
ability to read any it's own backups in my library. So much for Ghost, for
the while anyway)
Considering VMWARE Workstation, which can create a succession of 'images' of
the OS that can be restored from. I never liked the fact that it requires a
host OS to run on, which makes the active OS a 3rd layer. Assuming I can
live with it (as the price of useful protection), I'm wonder if the host OS
(for VMWARE) is vulnerable to attack. I read one post saying "no - if you do
not share common OS files", which is encouraging, but it seems other people
believe otherwise, so the real answer isn't clear. This approach would be
useless if the base OS can be attacked.
I don't think this was a drive-by. It's software running IP ranges, probably
24x7. And there's more then 1 group of these bastards out there. It's even
possible to write programs that generate unique programs that do the same
thing, so the number of attackers and machines compromised must already be
in the stratosophere. They know, as we do, that they don't have to put
something on the screen when they attack - that's just taunting us - once
they've got control they can do anything they want to, and the possibilities
are seemingly endless.
It has crossed my mind that's gold in being able to "protect and recover"
machines, but I want no part of any of it. The solution is to fix the
problem at it's root, which is serious gov't pressure on MS and the ISP's,
and tracking down the bastards behind it. Considering the scale of it, and
the trajectory, this is a really big thing. Yet it seems not to be
registering anywhere.
I hate to suggest that the Internet be controlled, but to a large extent it
already is. For example, I've no doubt that the CIA/FBI/KBG/et al know
exactly how to pinpoint the source and target of any traffic sent over the
net.
Bill
Post by Michael Madigan
It's a never-ending battle.
--- On Sun, 1/10/10, Bill Arnold
Subject: RE: [NF] An email was sent using my yahoo address
book,but no virusfound.
Date: Sunday, January 10, 2010, 11:58 PM
Jim,
Here's another note on the subject of "attacks" just
received. Everyone has
their own combination of what works. If's a freaking
career.
And then tomorrow the mouse types a few lines to change the
code, and the
cycle repeats.
Bill
-----Original Message-----
On Behalf Of Nicholas Geti
Sent: Sunday, January 10, 2010 10:08 PM
Subject: Re: [NF] An email was sent using my yahoo
address
book,but no virusfound.
That package is incredibly powerful. It has worked
every time for me.
However, you should run Malwarebytes and Spybot
afterwards. Then run
combofix again.
----- Original Message -----
Sent: Sunday, January 10, 2010 1:00 PM
Subject: Re: [NF] An email was sent using my yahoo
address
book,but no virus
found.
Post by Michael Madigan
It looks like combofix may have fixed the
problem. There
was no spam sent
Post by Michael Madigan
in my name since the last time, over 24 hours.
[excessive quoting removed by server]
James E Harvey
2010-01-11 19:35:01 UTC
Permalink
Is there such a thing as a "balun" that will allow a connection from
ethernet to telephone wires back to ethernet cable.

Our maintenance shop is about 1,000 feet from the office and we want to
connect the foreman's computer to our server. We know there are open
telephone wires available if this can be done.

My Google search "ethernet to telephone baluns" isn't coming up with
anything specific.


James E Harvey
Hanover Shoe Farms, Inc.
M.I.S./Corresponding Officer
Off: 717-637-8931
fax: 717-637-6766
email: ***@hanoverpa.com
Sytze de Boer
2010-01-11 19:45:05 UTC
Permalink
We used a company to "underground thrust" a network cable.
Cheap but very effective
Post by James E Harvey
Is there a such thing as a "balun" that will allow a connection from
ethernet to telephone wires back to ethernet cable.
Our maintenance shop is about 1,000 feet from the office and we want to
connect the foreman's computer to our server. We know there are open
telephone wires available if this can be done.
My Google search "ethernet to telephone baluns" isn't coming up with
anything specific.
James E Harvey
Hanover Shoe Farms, Inc.
M.I.S./Corresponding Officer
Off: 717-637-8931
fax: 717-637-6766
[excessive quoting removed by server]
Kevin Cully
2010-01-11 19:47:15 UTC
Permalink
Wouldn't it be easier to set up a directional wireless connection?
Post by James E Harvey
Is there a such thing as a "balun" that will allow a connection from
ethernet to telephone wires back to ethernet cable.
Our maintenance shop is about 1,000 feet from the office and we want to
connect the foreman's computer to our server. We know there are open
telephone wires available if this can be done.
My Google search "ethernet to telephone baluns" isn't coming up with
anything specific.
James E Harvey
Hanover Shoe Farms, Inc.
M.I.S./Corresponding Officer
Off: 717-637-8931
fax: 717-637-6766
[excessive quoting removed by server]
James E Harvey
2010-01-11 20:22:07 UTC
Permalink
Way too many trees, barns, buildings in the way?

James E Harvey
Hanover Shoe Farms, Inc.
M.I.S./Corresponding Officer
Off: 717-637-8931
fax: 717-637-6766
email: ***@hanoverpa.com


-----Original Message-----
From: profox-***@leafe.com [mailto:profox-***@leafe.com] On Behalf
Of Kevin Cully
Sent: Monday, January 11, 2010 2:47 PM
To: ***@leafe.com
Subject: Re: [NF] ethernet to telephone wire and back

Wouldn't it be easier to set up a directional wireless connection?
Post by James E Harvey
Is there a such thing as a "balun" that will allow a connection from
ethernet to telephone wires back to ethernet cable.
Our maintenance shop is about 1,000 feet from the office and we want to
connect the foreman's computer to our server. We know there are open
telephone wires available if this can be done.
My Google search "ethernet to telephone baluns" isn't coming up with
anything specific.
James E Harvey
Hanover Shoe Farms, Inc.
M.I.S./Corresponding Officer
Off: 717-637-8931
fax: 717-637-6766
[excessive quoting removed by server]
John
2010-01-11 22:14:41 UTC
Permalink
Ethernet has a distance issue with the 1000'. I can't recall the exact
distance, but I think it was around 300'. You can google and get the info.
You might want to look at mesh radio or wifi with a booster antenna.


John Harvey

-----Original Message-----
From: profox-***@leafe.com [mailto:profox-***@leafe.com] On Behalf
Of James E Harvey
Sent: Monday, January 11, 2010 1:35 PM
To: 'ProFox Email List'
Subject: [NF] ethernet to telephone wire and back

Is there a such thing as a "balun" that will allow a connection from
ethernet to telephone wires back to ethernet cable.

Our maintenance shop is about 1,000 feet from the office and we want to
connect the foreman's computer to our server. We know there are open
telephone wires available if this can be done.

My Google search "ethernet to telephone baluns" isn't coming up with
anything specific.


James E Harvey
Hanover Shoe Farms, Inc.
M.I.S./Corresponding Officer
Off: 717-637-8931
fax: 717-637-6766
email: ***@hanoverpa.com


[excessive quoting removed by server]
Leland F. Jackson, CPA
2010-01-11 23:13:09 UTC
Permalink
I haven't used this product so I really don't know whether it
is suitable for your purpose:

http://www.netsys-direct.com/proddetail.php?prod=NV-600EKIT

Regards,

LelandJ
Post by James E Harvey
Is there a such thing as a "balun" that will allow a connection from
ethernet to telephone wires back to ethernet cable.
Our maintenance shop is about 1,000 feet from the office and we want to
connect the foreman's computer to our server. We know there are open
telephone wires available if this can be done.
My Google search "ethernet to telephone baluns" isn't coming up with
anything specific.
James E Harvey
Hanover Shoe Farms, Inc.
M.I.S./Corresponding Officer
Off: 717-637-8931
fax: 717-637-6766
[excessive quoting removed by server]
Paul McNett
2010-01-11 23:29:10 UTC
Permalink
Post by John
Ethernet has a distance issue with the 1000'. I can't recall the exact
distance, but I think it was around 300'. You can google and get the info.
You might want to look at mesh radio or wifi with a booster antennae.
Ethernet (cat5 wiring at least) starts to crap out at 100 meters (328 feet). But
that's just for a single run of patch cable from switch to switch. For longer runs
than that I believe you want fiber.

Paul
Leland F. Jackson, CPA
2010-01-12 01:20:08 UTC
Permalink
Here is more info:

http://en.wikipedia.org/wiki/Gigabit_Ethernet

Regards,

LelandJ
Post by Paul McNett
Post by John
Ethernet has a distance issue with the 1000'. I can't recall the exact
distance, but I think it was around 300'. You can google and get the info.
You might want to look at mesh radio or wifi with a booster antennae.
Ethernet (cat5 wiring at least) starts to crap out at 100 meters (328 feet). But
that's just for a single run of patch cable from switch to switch. For longer runs
than that I believe you want fiber.
Paul
[excessive quoting removed by server]
Michael Madigan
2010-01-12 01:24:39 UTC
Permalink
I would try wireless first anyway just to make sure it really doesn't work.
Post by James E Harvey
Subject: Re: [NF] ethernet to telephone wire and back
Date: Monday, January 11, 2010, 8:20 PM
http://en.wikipedia.org/wiki/Gigabit_Ethernet
Regards,
LelandJ
Post by Paul McNett
Post by John
Ethernet has a distance issue with the 1000'. I
can't recall the exact
Post by Paul McNett
Post by John
distance, but I think it was around 300'. You can
google and get the info.
Post by Paul McNett
Post by John
You might want to look at mesh radio or wifi with
a booster antennae.
Post by Paul McNett
Ethernet (cat5 wiring at least) starts to crap out at
100 meters (328 feet). But
Post by Paul McNett
that's just for a single run of patch cable from
switch to switch. For longer runs
Post by Paul McNett
than that I believe you want fiber.
Paul
[excessive quoting removed by server]
Peter Hart
2010-01-11 20:13:12 UTC
Permalink
Hi James

In the UK we use an adapter which is called a "MOD-TAP" or Line Adapter
which I used to get from a company called Molex.
These are RJ45 plug to BT line socket adapters.

I think you need to look further using the above product types or
Manufacturer/Supplier as they need to have American telephone sockets
obviously.

I seem to remember that the CAT5/6 cabling had to have all wires
connected and correct for them to work.

In the UK they come in two types - Master (with ringing capacitor) and
secondary (without).
At least two of the medium sized companies I do maintenance for, use
them without problems.

Cheers

Peter
Peter Hart Computers.

-----Original Message-----
From: profox-***@leafe.com [mailto:profox-***@leafe.com] On
Behalf Of James E Harvey
Sent: 11 January 2010 19:45
To: 'ProFox Email List'
Subject: [NF] ethernet to telephone wire and back

Is there a such thing as a "balun" that will allow a connection from
ethernet to telephone wires back to ethernet cable.

Our maintenance shop is about 1,000 feet from the office and we want to
connect the foreman's computer to our server. We know there are open
telephone wires available if this can be done.

My Google search "ethernet to telephone baluns" isn't coming up with
anything specific.


James E Harvey
Hanover Shoe Farms, Inc.
M.I.S./Corresponding Officer
Off: 717-637-8931
fax: 717-637-6766
email: ***@hanoverpa.com


[excessive quoting removed by server]
Bill Arnold
2010-01-14 06:00:08 UTC
Permalink
When our PC's are hit, it's a virus, but when Google and big companies get
hit, it's an attack:

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=222300673

"Google's decision comes after it detected a highly sophisticated cyber
attack on its corporate infrastructure last month that resulted in the theft
of Google's intellectual property."

"David Drummond, SVP of corporate development at Google and the company's
chief legal officer, said in a blog post that Google's internal
investigation revealed at least twenty other large companies had also been
attacked."



Bill
Alan Bourke
2010-01-14 16:00:18 UTC
Permalink
On Thu, 14 Jan 2010 01:00 -0500, "Bill Arnold"
Post by Bill Arnold
When our PC's are hit, it's a virus, but when Google and big companies get
What happened at Google was almost certainly trojans dropped onto
systems by users opening PDFs with exploits in them, or very possibly
security flaws in web server software used at Google. But they were out
to specifically get Google rather than infect machines at random hence
'attack' I suppose.
--
Alan Bourke
alanpbourke (at) fastmail (dot) fm
Bill Arnold
2010-01-14 21:47:48 UTC
Permalink
Alan,

I regard security matters as never-ending cat and mouse, whack-a-mole games
of little interest. I mentioned this observation because I feel compelled to
pursue truth wherever it leads, and the truth of this matter is wildly out
of sync with perception. Whether it's by design or just ignorance, I can't
say. It does occur to me that we, as programmers, knowing the potential of
people and the tools involved, should be more circumspect.


Bill
Post by Alan Bourke
Post by Bill Arnold
When our PC's are hit, it's a virus, but when Google and big companies get
What happened at Google was almost certainly trojans dropped onto
systems by users opening PDFs with exploits in them, or very possibly
security flaws in web server software used at Google. But
they were out
to specifically get Google rather than infect machines at random hence
'attack' I suppose.
--
Alan Bourke
alanpbourke (at) fastmail (dot) fm
Pete Theisen
2010-01-08 15:40:59 UTC
Permalink
Post by Michael Madigan
It sent another batch of emails earlier this morning. It is using old email addresses that I've already changed or deleted in my address book.
So, it looks like the initial harvesting was sent to an outside server and bulk sending mail once a day.
It looks like the only way people are going to be able to stop it is by blocking my email address.
Great.
Hi Michael,

I haven't been getting them. Oh, Verizon has a spam filter. That and
perhaps I am not on your list, LOL.
--
Regards,

Pete
http://pete-theisen.com/
http://elect-pete-theisen.com/
Michael Madigan
2010-01-08 16:08:57 UTC
Permalink
I think the only list you're on is the political list and that may be being blocked by yahoo.
Subject: Re: [NF] An email was sent using my yahoo address book, but no virus found.
Date: Friday, January 8, 2010, 10:40 AM
Post by Michael Madigan
It sent another batch of emails earlier this
morning.  It is using old email addresses that I've
already changed or deleted in my address book.
Post by Michael Madigan
So, it looks like the initial harvesting was sent to
an outside server and bulk sending mail once a day.
Post by Michael Madigan
It looks like the only way people are going to be able
to stop it is by blocking my email address.
Post by Michael Madigan
Great.
Hi Michael,
I haven't been getting them. Oh, Verizon has a spam filter.
That and
perhaps I am not on your list, LOL.
--
Regards,
Pete
http://pete-theisen.com/
http://elect-pete-theisen.com/